Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: How to trap the user's login program and disallow if Windows based?

Re: How to trap the user's login program and disallow if Windows based?

From: Thomas Kyte <tkyte_at_oracle.com>
Date: 5 Jun 2002 03:51:49 -0700
Message-ID: <adkqg501tes@drn.newsguy.com>


In article <8d4033cd.0206041503.4c37138e_at_posting.google.com>, enzoweb_at_hotmail.com says...
>
>Oracle RDBMS V8.0.6 on Solaris 2.7
>
>I can remember that there is a way to trap the program name a user is
>logging into the database with, and disallow it if it is something
>like TOAD or ACCESS.
>

and all I would do if you did that would be:

copy toad.exe program_you_allow.exe

then -- I'm in again.

using the program column does not work in the real world

>Here is the problem:
>
>We have an application which connects into the database with the
>password hard-coded and which everyone knows. This application userid
>is also the schema owner. The developers also use TOAD. We can change
>the application password but it is hard coded in plain text and
>everyone knows how to see it. So the Developers have a habit of
>signing on to TOAD as the application owner and therefore have total
>access to the tables.
>
>I know that I can create a trigger at logon to run some SQL, but
>
>1. Not sure if it works on the V806 we are running.
>2. Don't know how to code it.
>
>So, I want it to go -
>
>login - check program name - if user = schema.owner and program !=
>program.name then kill session (and maybe issue a nasty message).
>
>Does anyone have an example of this I can use?
>
>Thanks.

--
Thomas Kyte (tkyte@oracle.com)             http://asktom.oracle.com/ 
Expert one on one Oracle, programming techniques and solutions for Oracle.
http://www.amazon.com/exec/obidos/ASIN/1861004826/  
Opinions are mine and do not necessarily reflect those of Oracle Corp 
Received on Wed Jun 05 2002 - 05:51:49 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US